Tag Archives: data

CUIT Data Storage

  • CUIT is offering backed up data at the rate of 1tb/$450/year that you can map to your pc or mac to access it like a drive. It is certified for PHI or PII.
  • If you also want a small server or desktop to access it with, CUIT can host a small virtual server (2 cpu’s, 4gb RAM, 50gb drive space) for you, for $102/month.
  • You can increase those specs (for instance if you also want to run software applications on that virtual server) at more cost
  • If you want a small server and 1tb of space, together they would cost $1500 annually approximately.
  • CUIT will take care of all maintenance, patching, security, and backups.

Columbia IRB: De-identified Data

Terminology for “De-identified” data:
http://www.columbia.edu/cu/irb/faq.html

  • De-identified: When collected, data contained identifiers or information that would permit identification of the individual(s) about whom the data were collected, but the identifiers or other links to identity have been removed.
  • Coded:  Data contains identifiers but the identifiers are stored separately from the data; a subject identifier or other code is used to link the two.
  • Confidential: Data contains information that would permit identification of the individual(s) about whom the data were collected, but is maintained in a manner that protects the information from release to unauthorized individuals.

WHAT YOU CAN DO TO FACILITATE EFFICIENT IRB REVIEW
http://www.columbia.edu/cu/irb/policies/Efficient_IRB_Review_040113.html

  • a)      Anonymous – the identity of the respondent cannot be determined; no links exist between the data and the individual about whom the data are recorded;
  • b)      De-identified – identifiers have been removed from the dataset under consideration; links between the data and the individual about whom the data are recorded exist but are not readily accessible to the researcher at CU;
  • c)      Coded – identifiers have been removed from the dataset under consideration but can readily be replaced through the use of a master list that is accessible to the investigator;
  • d)      Identifiable or non-coded – the identity of the subject is documented, linked or associated with the data.

IRB Privacy Board Procedures:
http://www.columbia.edu/cu/irb/policies/documents/IRB_Privacy_Board_Procedures_FINAL042508.pdf

Procedure #9 TITLE: Investigator Certification for Research with De-Identified Data – Form G De-identified data are data that contain none of the 18 HIPAA identifiers. If all of the 18 identifiers are removed, the information is no longer (1) Individually identifiable, (2) PHI, and (3) subject to HIPAA’s requirements

  • A de-identified data set may be coded with a unique identifier that cannot be traced back to the individual for the purpose of being re-identified by the provider at a later date.
  • De-identified data may include gender, age, race, or relevant information regarding disease or tissue source and can later be re-identified, by the original holder of the data, if necessary, by means of a unique, non identifiable, code for purposes of carrying out research.
  • It is important to remember that re-identification will subject the information to HIPAA’s requirements. A researcher must resubmit the protocol to the IRB for approval when reidentification of the data is desired.
  • A data set may also be considered de-identified if an expert in statistical and scientific methods determines and documents that the methods used to de-identify or code the data present a very small risk that the information can be used alone or in combination with other reasonably available information to identify an individual.
  • “Anonymous” data are not necessarily considered de-identified under HIPAA. Anonymity under the federal Common Rule requires that individuals cannot be readily ascertained by the investigator and cannot be associated with the data. According to the Common Rule standard, anonymous data may retain dates of treatment. Under HIPAA’s more stringent requirements, however, such data would be considered identifiable data. The use of de-identified data requires the submission of an Investigator Certification for Research with De-Identified Data – Form G. The form should be completed and attached to the Protocol in RASCAL.